The Cyber Security News


2FA App Loaded with Banking Trojan Infests 10K Victims via Google Play

January 27, 2022

The Vultur trojan steals bank credentials but asks for permissions to do far more damage down the line.

After remaining available for more than two weeks, a malicious two-factor authentication (2FA) application has been removed from Google Play, but not before it was downloaded more than 10,000 times. The app, which is fully functional as a 2FA authenticator, comes loaded with the Vultur stealer malware that targets and swoops down on financial data.

Users with the malicious application, straightforwardly named “2FA Authenticator,” are advised by researchers at Pradeo to delete it from their device immediately, since they remain at risk both from banking-login theft and from other attacks made possible by the app’s extensive overpermissions.


The threat actors built an operational and convincing application to disguise the malware dropper, using open-source Aegis authentication code injected with malicious add-ons. That helped it spread through Google Play undetected, according to a Pradeo report released on Thursday.

“As a result, the application is successfully disguised as an authentication tool, which ensures it maintains a low profile,” the report added.

Vultur Banking Trojan Gobbles Down Permissions

Once downloaded, the app installs the Vultur banking trojan, which steals financial and banking data on the compromised device, but can do much more.

First detected by analysts at ThreatFabric last March, the Vultur remote access trojan (RAT) malware was the first of its kind found to use keylogging and screen recording as its main tactic for banking-data theft, enabling the group to automate the process of harvesting credentials and scale.

“The actors chose to steer away from the popular HTML overlay strategy we typically see in other Android banking trojans: this solution ordinarily demands additional time and work from the actors in order to steal relevant data from the user. Instead, they chose to simply record what is shown on the screen, effectively obtaining the same end result,” ThreatFabric said at the time.

The scam 2FA authenticator also asks for device permissions beyond what was disclosed in the Google Play profile, the Pradeo team said.

Those sneaky, elevated privileges allow the attackers to perform various functions beyond the standard banking-trojan fare, such as accessing user location data, so attacks can be targeted at specific regions; disabling the device lock and password security; downloading third-party applications; and taking over control of the device, even if the app is shut down, the report explained.

Pradeo uncovered another dirty trick the malicious 2FA pulled by grabbing the SYSTEM_ALERT_WINDOW permission, which gives the app the ability to modify other mobile apps’ interfaces. As Google itself explained, “Very few apps should use this permission; these windows are intended for system-level interaction with the user.”
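For defenders vetting an app before it is allowed on managed devices, the gap between disclosed and requested permissions can be checked mechanically. The following is an added example, not code from Pradeo or the original article: it reads a decoded, text-form AndroidManifest.xml, lists permissions missing from the store listing, and flags those matching the capabilities described above. The sample manifest, the disclosed set and the capability-to-permission mapping are all assumptions of this example.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Assumption: this capability-to-permission mapping is the example's own,
# not a list taken from the Pradeo report.
HIGH_RISK = {
    P + "ACCESS_FINE_LOCATION": "user location data",
    P + "DISABLE_KEYGUARD": "disable the device lock",
    P + "REQUEST_INSTALL_PACKAGES": "install third-party applications",
    P + "RECEIVE_BOOT_COMPLETED": "keep running after the app is closed",
    P + "SYSTEM_ALERT_WINDOW": "draw over other apps' interfaces",
}

# Constructed sample: decoded manifest of a hypothetical authenticator app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.authenticator">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.USE_BIOMETRIC"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.DISABLE_KEYGUARD"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <uses-permission-sdk-23 android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
</manifest>
"""
SAMPLE_DISCLOSED = {P + "CAMERA", P + "USE_BIOMETRIC"}  # constructed listing

def requested_permissions(manifest_xml):
    """Return every permission name the manifest requests."""
    root = ET.fromstring(manifest_xml.strip())
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for element in root.iter(tag):
            name = element.get(ANDROID_NS + "name")
            if name:
                names.add(name)
    return names

def audit(manifest_xml, disclosed):
    """Split requested permissions into undisclosed and high-risk sets."""
    requested = requested_permissions(manifest_xml)
    undisclosed = sorted(requested - set(disclosed))
    high_risk = {p: HIGH_RISK[p] for p in sorted(requested) if p in HIGH_RISK}
    return {"undisclosed": undisclosed, "high_risk": high_risk}

if __name__ == "__main__":
    for perm in audit(SAMPLE_MANIFEST, SAMPLE_DISCLOSED)["undisclosed"]:
        print(perm, "->", HIGH_RISK.get(perm, "undisclosed, not in HIGH_RISK"))
```

Manifests inside an APK are stored as binary XML, so they must be decoded to text before this parser can read them.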

Once the device is fully compromised, the app installs Vultur, “an advanced and fairly new type of malware that generally targets online banking interface to steal users’ credentials and other critical financial details,” the report said.

The team at Pradeo reported that even though the researchers submitted their disclosure to Google Play, the malicious 2FA Authenticator app loaded with the banking trojan remained available for 15 days.



Some sections of this write-up are sourced from:
threatpost.com
